Android system access to the principle of root authority detailed

Android Root access cracking analysis

Many friends of the new Android machine has not cracked the root permissions, can not use some high privileges of the software, as well as a number of highly privileged operations, in fact, crack the root of the mobile phone is relatively simple and safe, the principle of cracking root authority is in the phone/system/bin/or/ system/xbin/directory to place an executable "su", which is a binary file, equivalent to a computer EXE file, only in the system placed this "su" file is not to the phone's software or hardware caused any failure.

The following code is part of the code in the original SU of the Android system, and it can be seen that only the processes that allow Getuid () for aid_root and Aid_shell can log in using Su.

<span style= "FONT-SIZE:18PX;" ><strong>/* Until We have something better, only root and the shell can be use SU. * *
myUID = Getuid ();  
if (myuid!= aid_root && myuid!= aid_shell) {  
fprintf (stderr, "su:uid%d not allowed to su\n", myuid);  
return 1;  
} </strong></span>

Face in Superuser this Android program Su no longer has the above part, so any process can use Su to log in, some of the Android program to use root permissions may be used similar to (this is also a part of the Superuser code):

01.Process Process = Runtime.getruntime (). EXEC ("su");  
02.DataOutputStream OS = new DataOutputStream (Process.getoutputstream ());  
03.os.writebytes ("mount-oremount,rw/dev/block/mtdblock3/system\n");  
04.os.writebytes ("BusyBox cp/data/data/com.koushikdutta.superuser/su/system/bin/su\n");  
05.os.writebytes ("BusyBox chown 0:0/system/bin/su\n");  
06.os.writebytes ("chmod 4755/system/bin/su\n");  
07.os.writebytes ("exit\n");  

This is part of the code in the Superuser and Android apps mentioned above:

if (Setgid (GID) | | setuid (UID)) {  
fprintf (stderr, su:permission denied\n);  
return 1;  
}

It looks like this is the place for permission switching. For ordinary users to be able to use the SU,SU permission if so:

-rwsr-xr-x. 1 root root 34904 November 3 2010/bin/su

This is the same as the computer version of SU.

From the above analysis can be considered to crack the root of Android is the essence: in the system to add a user can be used to log the SU command. Of course, this first has to get root permission to do. A rageagainstthecage in a program that z4root Android's root permissions for Android may be a program that manages to get root privileges.